New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Paloalto Networks > PSE-Software Firewall Professional > PSE-SoftwareFirewall

PSE-SoftwareFirewall Palo Alto Networks Systems Engineer (PSE): Software Firewall Professional Question and Answers

Question # 4

Which two public cloud platforms does the VM-Series plugin support? (Choose two.)

A.

IBM Cloud

B.

OCI

C.

Amazon Web Services (AWS)

D.

Azure

Full Access
Question # 5

A customer in a VMware ESXi environment wants to add a VM-Series firewall and partition an existing group of virtual machines (VMs) in the same subnet into two groups. One group requires no additional security, but the second group requires substantially more security.

How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?

A.

Edit the IP address of all of the affected VMs.

B.

Create a new virtual switch and use the VM-Series firewall to separate virtual switches using virtual wire mode. Then move the guests that require more security into the new virtual switch.

C.

Send the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete it.

D.

Create a Layer 3 interface in the same subnet as the VMs and then configure proxy Address Resolution Protocol (ARP).

Full Access
Question # 6

Auto scaling templates for which type of firewall enable deployment of a single auto scaling group (ASG) of VM-Series firewalls to secure inbound traffic from the internet to Amazon Web Services (AWS) application workloads?

A.

HA-Series

B.

VM-Series

C.

PA-Series

D.

CN-Series

Full Access
Question # 7

What is required to integrate a Palo Alto Networks VM-Series firewall with Azure Orchestration?

A.

Client-ID

B.

API Key

C.

Dynamic Address Groups

D.

Aperture orchestration engine

Full Access
Question # 8

What can be implemented in a CN-Series to protect communications between Dockers?

A.

Data loss prevention (DLP)

B.

Firewalling

C.

Runtime security

D.

Vulnerability management

Full Access
Question # 9

Why are VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster problematic for protecting containerized workloads?

A.

They function differently based on whether they are located inside or outside of the cluster.

B.

They are located outside the cluster and have no visibility into application-level cluster traffic.

C.

They are managed by another entity when located inside the cluster.

D.

They do not scale independently of the Kubernetes cluster.

Full Access
Question # 10

What does the number of required flex credits for a VM-Series firewall depend on?

A.

IP address allocation

B.

Memory allocation

C.

Network interface allocation

D.

vCPU allocation

Full Access
Question # 11

Which component allows the flexibility to add network resources but does not require making changes to existing policies and rules?

A.

Content-ID

B.

External dynamic list (EDL)

C.

Dynamic address group

D.

App-ID 

Full Access
Question # 12

Which offering can gain visibility and prevent an attack by a malicious actor attempting to exploit a known web server vulnerability using encrypted communication?

A.

OCSP

B.

Advanced URL Filtering (AURLF)

C.

Secure Sockets Layer (SSL) Inbound Inspection

D.

WildFire

Full Access
Question # 13

Regarding network segmentation, which two steps are involved in the configuration of a default route to an internet router? (Choose two.)

A.

Select the Static Routes tab, then click Add.

B.

Select the Config tab, then select New Route from the Security Zone Route drop-down menu.

C.

Select Network > Interfaces.

D.

Select Network > Virtual Router, then select the default link to open the Virtual Router dialog.

Full Access
Question # 14

When implementing active-active high availability (HA), which feature must be configured to allow the HA pair to share a single IP address that may be used as the network's gateway IP address?

A.

Floating IP address

B.

VRRP

C.

ARP load sharing

D.

HSRP

Full Access
Question # 15

Which software firewall would assist a prospect who is interested in securing extensive DevOps deployments?

A.

VM-Series

B.

CN-Series

C.

Ion-Series

D.

Cloud next-generation firewall (NGFW)

Full Access
Question # 16

Which service, when enabled, provides inbound traffic protection?

A.

Data loss prevention (DLP)

B.

Advanced URL Filtering (AURLF)

C.

DNS Security

D.

Threat Prevention

Full Access
Question # 17

Which Palo Alto Networks firewall provides network security when deploying a microservices-based application?

A.

VM-Series

B.

PA-Series

C.

HA-Series

D.

CN-Series

Full Access
Question # 18

Which two actions can be performed for VM-Series firewall licensing by an orchestration system? (Choose two.)

A.

Registering an authorization code

B.

Creating a license

C.

Downloading a content update

D.

Renewing a license

Full Access
Question # 19

Which two statements apply to the VM-Series plugin? (Choose two.)

A.

It can manage Panorama plugins.

B.

It can be upgraded independently of PAN-OS.

C.

It can manage capabilities common to both VM-Series firewalls and hardware firewalls.

D.

It enables management of cloud-specific interactions between VM-Series firewalls and supported public cloud platforms.

Full Access